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REMARKS 

In an Office Action dated December 21, 2005 the Examiner rejects claims 27-47 
(all pending claims). Applicants amend claims 27, 32, 36 and 39 and traverse the 
rejection. Claims 27-47 remain in the Application. In Hght of the following arguments. 
Applicants respectfully request that this Application be allowed. 

In the Office Action, the Examiner rejects claim 27 under 35 U.S.C. §103 (a) as 
being unpatentable over U.S. Patent Number 5,996,077 issued to Williams (Williams) in 
view of U.S. Patent number 6,658,571 Bl issued to O'Brien et al (O'Brien). In order to 
maintain a rejection the Examiner has the burden of providing evidence of prima facie 
obviousness. See MPEP §2143. See also In Re Vaeck. 947 F.2d 488, 20 USPQ2d 1438 
(Fed. Cir. 1991). In order to prove prima facie obviousness, the Examiner must provide 
evidence in the prior art of a motivation to combine or modify a reference, a reasonable 
expectation of success, and a teaching of each and every claimed element. Id. 
Applicants assert the Examiner has failed to provide evidence of a teaching of each and 
every claimed element or evidence of a proper motivation to combine the references. The 
Examiner has failed to provide references that teach each and every claimed element and 
has not provided a proper motivation to combine the references. 

Claim 27 recites "at least one inspection module coupled for communication to 
said firewall core, each said at least one inspection module configured to provide 
protocol inspection of data packets to said firewall core, said firewall core configured to 
receive data packets from said plurality of communication interfaces and communicate 
said packets to said at least one inspection module for inspection, said at least one 
inspection module is further configured to be installed during the operation of the 
firewall system;" and "a new inspection module inserted into an operating memory of 
said firewall core during operation of said firewall core wherein said new inspection 
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module is software code configured to carry out an operation of providing protocol 
inspection for a new particular protocol to said firewall core wherein said new particular 
protocol is different from each said particular protocol provided by each said at least one 
inspection module." The Examiner has failed to provide a teaching of a module as 
recited in the claims. 

WiUiams does not teach modules that provide inspection of packets formatted in 
different protocols. Instead, Williams teaches a method for upgrading firewalls by using a 
hierarchal arrangement of security devices. See Col. 5, lines 1-9. The William system is 
designed to use a next generation firewall that co-exists with a legacy firewall. See Col. 
4, lines 18-24. Thus, the security devices work on different versions of the same 
protocol. The devices supplement the information of previous device in the Hierarchy to 
allow a firewall to receive all versions of a protocol. Thus, Williams does not teach the 
inspection modules recited in amended claim 27. , 

O'Brien also does not teach at least one inspection module coupled for 
communication to said firewall core, each said at least one inspection module configured 
to provide protocol inspection of data packets to said firewall core, said firewall core 
configured to receive data packets from said plurality of communication interfaces and 
communicate said packets to said at least one inspection module for inspection, said at 
least one inspection module is further configured to be installed during the operation of 
the firewall system as recited in claim 27. Instead O'Brien teaches modules that grant or 
deny access of resources to software applications based upon the application requesting 
a resource or the resource being requested. See Col. 3, hnes 41-43. The modules 
monitor system calls made by applications and permit access to resources based upon 
system calls. See Col. 5, line 45-Col. 6, line 17. There is no mention anywhere in the 
O'Brien document of modules that monitor packets being sent between systems as in a 
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firewall device. Thus, O'Brien does not teach the inspection module recited in amended 
claim 1. 

Since neither Williams nor O'Brien teaches the inspection module recited in a 
claim 27. Applicants request that this rejection of claim 27 be removed and amended 
claim 27 be allowed. 

Even if the combination of William and O'Brien teaches the inspection module 
claimed in claim 1, the Examiner has not provided evidence of a motivation to combine 
the references. As stated in the MPEP and case law, "The mere fact that references can 
be combined or modified does not render the resulting combination obvious unless the 
prior art suggests desirability of the combination." See In re Mill, 916 F2d 680 (Fed. Cir. 
1990). See also MPEP §2143.01. In the Office Action, the Examiner merely asserts that 
one skilled in the art would use security modules to reduce damage caused by malicious 
software without additional software. First, there is no support for this statement in 
either reference. Second, both Williams and O'Brien standing alone solve the problems 
stated in the particular references. More particularly Williams solves the problem of 
providing for legacy systems as new versions of a protocol are introduced. See Col. 4, 
lines 18-28. O'Brien, on the other hand solves the problem of restricting access to 
software applications. See Abstract. Thus, applicant requests that the Examiner provide 
evidence showing this motivation. 

Furthermore, case law and the MPEP require the proposed modification cannot 
render the prior art unsatisfactory for its intended purpose. See MPEP §2143.01. See 
also In re Gordon, 733 F2d 900 (Fed. Cir 1984). If the purposed modification were made 
the firewall of William would include security modules that monitor systems calls to 
restrict access to resource by software as well as providing a hierarchy of security 
devices to provide for legacy systems in a firewall. This does not improve the 
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unauthorized access to the system prevented by the firewall in William. Furthermore, 
there is no improvement of restricting access to resources by monitoring the packets 
received by the system in more than one version of a protocol. Williams and O'Brien are 
providing two different forms of security. Both systems are adequate for their intended 
purpose and combining the two would add a second function to each system. Thus, the 
combination is not permitted. 

Claims 28-31 are dependent upon amended claim 27. Thus, claims 28-31 are 
allowable for at least the same reasons as amended claim 27. Therefore, Applicants 
respectfully request claims 28-31 be allowed. 

Amended claim 32 recites a firewall core that executes inspection modules as 
recited in claim 27. Thus, amended claim 32 is allowable for the same reasons as 
amended claim 27. Therefore, applicants respectfully request that amended claim 32 be 
allowed. 

Claims 33-35 are dependent upon amended claim 32. Thus, claims 33-35 are 
allowable for at least the same reasons as amended claim 32. Therefore, Applicants 
respectfully request claims 33-35 be allowed. 

Aniended claim 36 recites an inspection module which is the same as the 
inspection module recited in amended claim 27. Thus, amended claim 36 is allowable for 
the same reasons as amended claim 27, Therefore, applicants respectfully request that 
amended claim 36 be allowed. 

Claims 37-38 are dependent upon amended claim 36. Thus, claims 37-38 are 
allowable for at least the same reasons as amended claim 36. Therefore, Applicants 
respectfully request claims 37-38 be allowed. 
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Amended claim 39 recites method for operating a system as recited in amended 
claim 27. Thus, amended claim 39 is allowable for the same reasons as amended claim 
27. Therefore, applicants respectfully request that amended claim 39 be allowed. 

Claims 40-42 are dependent upon amended claim 39. Thus, claims 40-42 are 
allowable for at least the same reasons as amended claim 39. Therefore, Applicants 
respectfully request claims 40-42 be allowed. 

Claim 43 recites a processing device that provides the method for providing the 
system recited in amended claim 27. Thus, claim 43 is allowable for the same reasons as 
amended claim 27. Therefore, applicants respectfully request that claim 43 be allowed. 

Claims 44-46 are dependent upon claim 43. Thus, claims 44-46 are allowable for 
at least the same reasons as claim 43, Therefore, Applicants respectfully request claims 
44-46 be allowed 

If the Examiner has any questions regarding this application or this response, the 
Examiner is invited to telephone the undersigned at the below number. 



Dated: February 3, 2006 
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